Test subject – .Asasin variant of Locky ransomware

.Asasin is the latest variant of Locky ransomware, and it gets distributed via SPAM email campaigns. The messages resemble a notification to pay an invoice, having an archive as an attachment. Initial email campaigns had design flaws which prevented many infections, as the actual attachment was obfuscated because of the malformed email construction. This variant follows the Locky pattern, and there are no significant differences from the technical perspective.

Locky .asasin ransomware test facts

Upon execution, the ransomware scans for files and starts the encryption process immediately. It also removes volume shadow copies to ensure files are not recoverable. Currently it is impossible to reverse the encryption of this ransomware and the only way to restore damaged files is to use a backup.

Locky .asasin ransomware test results

As soon as the ransomware starts encrypting files, TEMASOFT Ranstop detects the ransomware activity and triggers an alert, as can be seen in the video. The malicious process is stopped and quarantined and the file restoration process commences. The tests shows that the product successfully recovered all the damaged files to their original location and state. Such an attack causes zero downtime to machines protected by TEMASOFT Ranstop.

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.